[Owasp-csrfguard] Token landing page issue when accessing application URL

Patrick Radtke pradtke at stanford.edu
Fri Jul 27 16:51:47 UTC 2012


Why are you using 'NewTokenLandingPage'?
IMHO if you want users to have direct access to a URL, don't protect 
that URL with CSRFGuard.

-Patrick



On 7/25/12 12:12 PM, Amol Walunjkar wrote:
> Hi,
>
> We have one requirement in our application. The user of our
> application will receive an email which contains a hyperlink with which
> he can go directly to one of the functions of the application.
> We have used the OWASP framework to provide security against CSRF.
> In the properties file we have set the "NewTokenLandingPage" property to
> the home page of our application.
> Now the problem is that when the user launches the hyperlink from the email
> he received to access the specific functionality, he is always taken to the
> home page instead of the URL given in the email.
> In the documentation it is said that all query-string form parameters
> sent with the original request will be discarded. But then, if we have
> to implement such behavior in the application, what is the solution for this?
>
> Does the current OWASP framework for CSRF support such a custom requirement?
>
> Please advise.
>
> Thanks in advance
>
> --
> Regards,
> Amol
>